[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Pki-devel] [pki-devel][PATCH] 0043-Document-workaround-for-1454-in-pkispawn-man-page.patch



Document workaround for 1454 in 'pkispawn' man page.
    
    Ticket #1486.
From 7532cbbe46b62eced2f9df4ad2e0b5bcf30d10a4 Mon Sep 17 00:00:00 2001
From: Jack Magne <jmagne localhost localdomain>
Date: Fri, 17 Jul 2015 14:22:29 -0700
Subject: [PATCH] Document workaround for 1454 in 'pkispawn' man page.

Ticket #1486.
---
 base/server/man/man8/pkispawn.8 | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/base/server/man/man8/pkispawn.8 b/base/server/man/man8/pkispawn.8
index c2ab93e..f737273 100644
--- a/base/server/man/man8/pkispawn.8
+++ b/base/server/man/man8/pkispawn.8
@@ -439,8 +439,24 @@ master# scp backup_keys.p12 clone:/backup_keys.p12
 clone# chown pkiuser: /backup_keys.p12
 clone# semanage -a -t pki_tomcat_cert_t /root/backup_keys.p12\fP
 .fi
-
 .PP
+.nf
+Note: One current cloning anomaly to mention is the following scenario:
+
+1. Create a clone of a CA or of any other subsystem.
+2. Remove that just created clone. Before doing so,
+   make sure the setting "pki_ds_remove_data=True" is set when
+   running "pkidestroy" for that clone.
+3. Immediately attempt the exact same clone again, in place of
+   the recently destroyed instance.
+
+Here the Director Server instance can possibly work itself in into a state
+where it no longer accepts connections.
+
+The fix to this is to simply restart the Directory Server instance before
+creating the clone for the second time. After restarting the Directory Server
+it should be possible to create the mentioned clone instance.
+.fi
 .SS Installing a KRA or TKS clone
 .BR
 .PP
-- 
2.1.0


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]